Forum Navigation
Topics
Log In
Log Out
:
Forum Search
New Today
New This Week
Advanced Search
Tree View
Forum Account
Edit Profile
Register
Forgot Password
Forum Tools
Help/Instructions
Policies
CLICK STATE TO SEE:
"WATCH LIST"
Marked with: 
"OPEN & HONEST"
Marked with: 
...
|
| (US) 6/06 - GEMS vs. a Computer Game... |
|
| Author |
Message |
    
Timothy Charters
Voting Rights Forum Participant
Username: Inh
Post Number: 8
Registered: 06-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, June 6, 2006 - 1:31 pm: | 
|
I'm sure all of you are aware of how easy it is to change vote totals of Diebold's GEMS software using only Microsoft Access. Diebold's rebuttals have largely to the effect that no program is completely unhackable and that their GEMS design was the best that they could do.
This raises the question of what sort of design they could used for a secure vote tabulating program. I have no experience with financial programs, but I do know one particular computer program inside and out: Freedom Force.
Freedom Force is a computer game made by Irrational Games where you control a team of superheroes in a world inspired by comic books of the 1960s. Like many computer games, it was designed to be easily user modifiable, in hopes that players would create new content of their own for the game. As a member of the sizeable community that has formed around the game, I can testify that Irrational Games has completely succeeded in this aspect. So how does it stack up against software used to count millions of votes nationwide?
For the purposes of this comparison, I will examine the 'Campaign' data of Freedom Force. That is, the order in which levels are played. This can be easily modified by FFEdit, a program written by Irrational Games and released approximately 6 months after Freedom Force was. This is what it looks like in FFEdit:
http://www.frpmods.com/files/Conduit/images/hackingff5.jpg
But GEMS did not require a program specially created by Diebold to modify vote totals, therefore for the purposes of this comparison, we will have to see if it is possible to modify this data using other means. The data is stored in a file called campdef.dat
http://www.frpmods.com/files/Conduit/images/hackingff.jpg
Double clicking on it opens it up in Notepad, where it is a lot of gibberish.
http://www.frpmods.com/files/Conduit/images/hackingff4.jpg
I realized that it could also be edited using a hex editor, which modifies the actual binary code of files and can edit just about anything. Opening it up in a hex editor just produces the same gibberish, though perhaps better organized.
http://www.frpmods.com/files/Conduit/images/hackingff3.jpg
It's theoretically possible to modify the files using either of these programs, but I can't make heads or tails of the way the data is encoded, and a single character in the wrong place would render the data unusable by Freedom Force.
So, in summary, a computer game designed to be user modifiable can only have important data modified by a program specially designed by the makers of the game, while a program that tabulates votes can have vote totals modified by a program included in the standard package of Microsoft Office. |
Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey
Post Number: 143
Registered: 01-2006
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Tuesday, June 6, 2006 - 5:19 pm: |
|
You're not correct here. The same techniques of modifying the VOTE can be used to modify the GAME. For programmers familiar with hexadecimal and storage formats, any file can be 'tweaked'. It's the SAME vulnerability, not 'less secure'. Both are completely insecure. The user interface provided by the game maker is just a way of recognizing the order contained in the format. If Diebold wanted, they could provide an 'Election Count Editor' just like your game configuration editor. Perhaps there is one for insider 'experts'. 'Vote Flipping' while you wait!
"With the advent of modern computers it's possible to make mistakes VERY VERY rapidly!" |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2794
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 10:38 am: |
|
quote:Of course, compared to ballot stuffing at the precint level or under-the-table liberal union deals or outright spending by conservative lobbyists, the numbers which potentially could be fixed are fscking small.
If you read Hursti II you'll see that the numbers which could be potentially fixed are far greater by orders of magnitude than what one person could rig with old-fashioned paper ballots.
Also, the vulnerabilities do not involve just software.
And "control" is something that is virtually impossible to ensure, because of the range of vulnerabilities in some machines. For example, the device could be manipulated while still in the vendor's possession, or during shipping, or by a pollworker who has the machine overnight, or possibly even by a voter who comes equipped with a phillips-head screwdriver. |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 96
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 11:29 am: |
|
Catherine and others,
Did you all hear about what happened in LA, county with the GEMS program being run on Dell computers that have not been certified?
Also that everyone in Echo Park, Ca district was having difficulty find their precinct because our lovely Connie McCormack just sent the notice on Monday? |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2796
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 1:15 pm: |
|
Michelle, no, I haven't heard about these yet. If you've got links please post them--maybe in the News section on one of the 4 threads there. The more, the merrier. |
Robert Sawdey
Frequent Voting Rights Forum Participant
Username: Rsawdey
Post Number: 147
Registered: 01-2006
Best of Black Box? 
Votes: 1 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 1:19 pm: |
|
In support of Catherine's argument, it's CENTRALIZATION that is one of the inherent dangers... it concentrates power, and power corrupts. The fewer people with the authority to affect the outcome, the fewer need bribed & the higher the bribes will be.
I was in Spain, under the dictator Franco, for an election. I met a woman who was a PHD student in political science, and she confessed to me she had helped stuff ballot boxes... the boxes were taken from the local precincts to a central counting area by a police car with escorts & during the trip the cars played 'doe-si-doe' so the car with the stuffed boxes became the 'escorted' car before it arrived at the central counting area... replacing the true ballot box with the stuffed one. Centralization requires questionable 'chain of custody'... local counting eliminates the whole chain.
Michelle's observance that GEMS is being run on uncertified hardware might give an opening for legal action... but it's really not an increased threat. GEMS is so vulnerable it would be easily compromised on the best of secure hardware, only takes a minute for an insider with access to create any result they choose. |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 97
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 1:26 pm: |
|
Catherine,
I will get that to you this evening.
But until then if anyone reads this thread maybe who ever else might have it can post it.
I have to go to a meeting otherwise I would post it.
Sorry!, but I will have to work on it later. |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2797
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Wednesday, June 7, 2006 - 1:39 pm: |
|
Great Michelle, see you later! |
Michelle Smith
Voting Rights Forum Participant
Username: Galfromcal
Post Number: 98
Registered: 11-2005
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 8, 2006 - 12:21 am: |
|
Catherine,
This an post from BradBlog that talk about a suit filed by two activist about LA county Registrar was using Uncertified software "A last-minute Election Eve compaint has been filed in a Los Angeles courtroom within the hour calling on LA County's registrar of voters, Conny B. McCormack to immediately remove Diebold elecronic voting machine tabulators, said to have illegal access to the Internet as well as uncertified tabulation software, from counting rooms at the county's main facility in Norwalk, The BRAD BLOG has learned.
The plaintiffs in the case are Cindy Asner and Cynthia Henderson, LA County Chair of the Peace and Freedom Party."
You can find the whole story here;http://www.bradblog.com/archives/00002910.htm
I have yet to find anything on Echo Park in LA county. I heard it being reported last night on KTLA 1150 AM. Local host out in the area were reporting this live to the host in the studios.
I'm still looking.
Michelle
;-) |
Catherine Ansbro
Frequent Voting Rights Forum Participant
Username: Catherine_a
Post Number: 2814
Registered: 12-2004
Best of Black Box? N/A
Votes: 0 (A keeper?) | | Posted on Thursday, June 8, 2006 - 5:49 am: |
|
Thanks,Michelle. |
|
|
